CSP: Adding the 'upgrade-insecure-requests' directive.

Source/core/frame/csp/ContentSecurityPolicy.h

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 10 matching lines @@
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #ifndef ContentSecurityPolicy_h
 #define ContentSecurityPolicy_h
 
 #include "bindings/core/v8/ScriptState.h"
 #include "core/dom/ExecutionContext.h"
+#include "core/dom/SecurityContext.h"
 #include "core/frame/ConsoleTypes.h"
 #include "platform/network/ContentSecurityPolicyParsers.h"
 #include "platform/network/HTTPParsers.h"
 #include "platform/weborigin/ReferrerPolicy.h"
 #include "wtf/HashSet.h"
 #include "wtf/PassOwnPtr.h"
 #include "wtf/PassRefPtr.h"
 #include "wtf/RefCounted.h"
 #include "wtf/Vector.h"
 #include "wtf/text/StringHash.h"
@@ skipping 44 matching lines @@
     static const char Referrer[];
 
     // Manifest Directives (to be merged into CSP Level 2)
     // https://w3c.github.io/manifest/#content-security-policy
     static const char ManifestSrc[];
 
     // Mixed Content Directive
     // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode
     static const char BlockAllMixedContent[];
 
+    // https://w3c.github.io/webappsec/specs/upgrade/
+    static const char UpgradeInsecureRequests[];
+
     enum ReportingStatus {
         SendReport,
         SuppressReport
     };
 
     static PassRefPtr<ContentSecurityPolicy> create()
     {
         return adoptRef(new ContentSecurityPolicy());
     }
     ~ContentSecurityPolicy();
@@ skipping 81 matching lines @@
     // on the floor if no such context is available).
     void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, LocalFrame* = nullptr);
 
     void reportBlockedScriptExecutionToInspector(const String& directiveText) const;
 
     const KURL url() const;
     void enforceSandboxFlags(SandboxFlags);
     void enforceStrictMixedContentChecking();
     String evalDisabledErrorMessage() const;
 
+    void setInsecureContentPolicy(SecurityContext::InsecureContentPolicy);
+    SecurityContext::InsecureContentPolicy insecureContentPolicy() const { return m_insecureContentPolicy; };
+
     bool urlMatchesSelf(const KURL&) const;
     bool protocolMatchesSelf(const KURL&) const;
 
     bool experimentalFeaturesEnabled() const;
 
     static bool shouldBypassMainWorld(const ExecutionContext*);
 
     static bool isDirectiveName(const String&);
 
 private:
@@ skipping 22 matching lines @@
     // to calculate a hash once and then distribute it to all of the directives
     // for validation.
     uint8_t m_scriptHashAlgorithmsUsed;
     uint8_t m_styleHashAlgorithmsUsed;
 
     // State flags used to configure the environment after parsing a policy.
     SandboxFlags m_sandboxMask;
     bool m_enforceStrictMixedContentChecking;
     ReferrerPolicy m_referrerPolicy;
     String m_disableEvalErrorMessage;
+    SecurityContext::InsecureContentPolicy m_insecureContentPolicy;
 
     OwnPtr<CSPSource> m_selfSource;
     String m_selfProtocol;
 };
 
 }
 
 #endif